Linux high profile TCP vulnerability

5 respuestas [Último envío]
lembas
Desconectado/a
se unió: 05/13/2010

https://ucrtoday.ucr.edu/39030

Way beyond my paygrade but sounds serious, There is a proposed workaround.

lembas
Desconectado/a
se unió: 05/13/2010

Bleh, apparently there is a typo in the workaround, it's supposed to be net.ipv4.tcp_challenge_ack_limit = 999999999

(i.e. missing the / at the beginning)

EDIT: They fixed the workaround so so ignore this post. Not this thread though!

Legimet
Desconectado/a
se unió: 12/10/2013

This looks pretty serious. You can track the status of the Debian packages (which will flow downstream) here: https://security-tracker.debian.org/tracker/CVE-2016-5696. But until then, there's that workaround.

hack and hack
Desconectado/a
se unió: 04/02/2015

Impressive. Too bad this can be globally fixed only with the latest future Linux release.

But the workaround is definitely better than nothing.

davidpgil
Desconectado/a
se unió: 08/26/2015

This article provides a solution and explains the problem: http://www.theregister.co.uk/2016/08/10/linux_tor_users_open_corrupted_communications

lilos
Desconectado/a
se unió: 09/04/2015

Is Debian 7 with 3.2 kernel is vulnerable ?
I read that after 3.6 kernal but just in case i will add this pach to 3.2 debian.

And what about routers ?Many open-wrt routers use 3.10 and up
kernel is this pach is need for them?